OpenVPN + quagga OSPF Need some help
-
What do you mean by " there is nothing in Quagga OSPF General "? If there is literally nothing - when your Q/Z is not running at all.
If there is "something" (eg diagnostic info) but OSPF cant establish link…
1st: enable both logging options (will be in system logs - routing)
2nd: don't mangle with hello/retransmit/dead, leave them at defaults. If you REALLY want to play with them - do this AFTER you will get OSPF working
3rd: remove ACCEPT filters, you don't need them, at least now.
4th: start with 1 openvpn interface, after you will make it run - add second. This will be much simpler for you to configure and diagnose. Maybe you just mismatching your VPN links and attempting to configure mismatching hello/dead intervals, which is a NO-NO. -
OR you messed up something while tinkering and zebra with opsf now running with other password, or they just are dead.
If you can - rebuild ospf configuration from scratch, with package remove/reinstall. -
Config looks fine for me.
-
Well, it found a neighbor, so it works.
BUT if you still unable to get diag info - you better rebuild it, to be able to see what's going on.
You got same problem on second router? -
I have ospfd/zebra running on pfs from ~2.1.3 to 2.3.1, all show diag without problems.
Jun 21 16:22:00 ospfd 1267 nsm_change_state(192.168.1.1, Loading -> Full): scheduling new router-LSA origination
Jun 21 16:22:01 ospfd 1267 SPF Processing Time(usecs): External Routes: 6
Jun 21 16:22:14 ospfd 1267 nsm_change_state(192.168.1.1, Full -> Init): scheduling new router-LSA origination
Jun 21 16:22:14 ospfd 1267 SPF: Scheduled in 0 msec
Jun 21 16:22:15 ospfd 1267 SPF Processing Time(usecs): External Routes: 10
Jun 21 16:22:23 ospfd 1267 Packet[DD]: Neighbor 192.168.1.1: Initial DBD from Slave, ignoring.
Jun 21 16:22:23 ospfd 1267 Packet[DD]: Neighbor 192.168.1.1 Negotiation done (Master).
Jun 21 16:22:23 ospfd 1267 nsm_change_state(192.168.1.1, Exchange -> Full): scheduling new router-LSA originationYep, it works. If you defined local/remote networks in OpenVPN configuration - you can remove them now and have routes pushed from ospfd.
But still - without status info available you are swimming blindfolded. You can still get this info from shell but wouldn't call that comfortable.
-
Oddly, all my settings where still remembered
They are stored in config.xml of pfSense.
Do you see status info after rebuild? If yes, in "Quagga OSPF Neighbors" you should see Router ID of other router.
And most important for you is "Quagga Zebra Routes", there should be routes (prepended by O>) to your LAN on other router.
OpenVPN links are directly connected, so their networks would show up anyway. -
…
Rebuild both pfSenses from scratch?
Or learn how to get info from shell. -
Not quite.
Tunnel network is necessary for tunnel to function, so you should not remove it.
But remote and local networks could be removed (and better be, because they will override OSPF routing).
Key point to understand - after both of your OSPF routers paired - they should have information WHICH networks to announce.
In your case you provided this info through config:
interface igb0
network 192.168.1.0/24 area 0.0.0.0 -
- Show your Zebra routes and system routing table
- Check firewall rules on OpenVPN tab - better have ANY to ANY until you got it working.
- If you have 2 openvpn connections between 2 routers - you will have troubles. Adjust cost for tunnels, so then they are both live - one would be preffered.
-
Please, draw a network scheme (with interface names and ip/subnets).
-
Well, it is clear now.
You write:The other night I was able to disconnect the main WAN (Charter) in the main office and was able to ping over to the remote office.
However, I was not able to ping from the remote office back to the main office.But if you look at routing table at branch, you will see
K>* 192.168.1.0/24 via 192.168.88.1, ovpnc1
So remote office still thinks what it should send packets to main office through OpenVPN tunnel which terminates at Charter.
Also, K> says what this route did not came from OSPF (though O 192.168.1.0/24 [110/20] via 192.168.88.1, ovpnc1, 14:29:15 tells OSPF thinks same).If you haven't statically assign route in 192.168.88.0 tunnel, than you can try to enable "Don't pull routes" on VPN configuration.
I have exactly same situation sometimes, but I didn't found the perfect solution, nor cause. Default configuration for OpenVPN contains ping-restart directive, which should reset OpenVPN tunnel in case of lost connection (and drop assigned routes in process), but this doesn't happen.
Can you create a thread in VPN board, citing your last two posts and this one? Maybe someone could help both us…
-
Can anyone suggest where I get help with this problem? I really need this to get fixed. Different forum?